-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear List readers!
http://www.gnupg.org/gph/en/manual/c14.html
GnuPG needs a pass phrase to protect the primary and
subordinate private keys that you keep in your possession.
You need a Pass phrase to protect your private key.
Enter passphrase:
There is no limit on the length of a passphrase,
===
is this true?
any file system always has a maximum file size.
even ZFS has that. a Zetabyte cannot easily be neglected.
The total sum of all elementary particles in the entire universe
(open or closed) also is estimated to have an upper limit.
This is astronomical units, but they are limited.
===
How many elementary particles in the universe?
Our observable universe is approximately 30 Gigaparsecs across
(or 95 billion light years).
Using the equation for the volume of a sphere we can convert this into
cubic centimeters, and get ~5x10^86 cc.
Multiplying by the 500 particles per cc we found above (100 neutrinos
and 400 photons) we finally get:
2.5 x 10^89 elementary particles in the visible universe.
===
So I feel safe if my pass phrase is approx one Gigaparsecond in size.
Which exceeds the size of my monitor.
==> But this is not practical. not even in Sci Fiction.
as an example for a nice 'n' cool trendy UTF-8 pass phrase
認された範囲では防+A]9衛機9'XK/qH密を含Bm`1gむ情{oKp5報はないという。陸
自第１３旅団司=WkU.E令部（広の幹/qH部自衛官作v)-Gb<れた+A]9た範囲c?
VB9Bm`1g{oKH部自衛p5%zはないといa<l6Zj!g?団司令部（O<9'XK/qHc+'${KW`=
WkU.ES,6q部自と^
That is a 160 character passphrase,
which can be hidden in a secret html page.
bash-3.00$ ls -l passphrase_160-char-unicode.txt
- -rw-r--r-- 1 morten other 288 Oct 21 01:52
passphrase_160-char-unicode.txt
less passphrase_160-char-unicode.txt
"passphrase_160-char-unicode.txt" may be a binary file. See it anyway?
<E8><AA><8D><E3><81><95><E3><82><8C><E3><81><9F><E7><AF><84><E5><9B><B2><E3><81>
<A7><E3><81><AF><E9><98><B2>+A]9<E8><A1><9B><E6><A9><9F>9'XK/qH<E5><AF><86><E3>
<82><92><E5><90><AB>Bm`1g<E3><82><80><E6><83><85>{oKp5<E5><A0><B1><E3><81><AF>
<E3><81><AA><E3><81><84><E3><81><A8><E3><81><84><E3><81><86><E3><80><82><E9><99>
<B8><E8><87><AA><E7><AC><AC><EF><BC><91><EF><BC><93><E6><97><85><E5><9B><A3><E5>
<8F><B8>=WkU.E<E4><BB><A4><E9><83><A8><EF><BC><88><E5><BA><83><E3><81><AE><E5>
<B9><B9>/qH<E9><83><A8><E8><87><AA><E8><A1><9B><E5><AE><98><E4><BD><9C>v)-Gb<
<E3><82><8C><E3><81><9F>+A]9<E3><81><9F><E7><AF><84><E5><9B><B2>c?VB9Bm`1g{oKH
<E9><83><A8><E8><87><AA><E8><A1><9B>p5%z<E3><81><AF><E3><81><AA><E3><81><84><E3>
<81><A8><E3><81><84>a<l6Zj!g?<E5><9B><A3><E5><8F><B8><E4><BB><A4><E9><83><A8>
<EF><BC><88>O<9'XK/qHc+'${KW`=WkU.ES,6q<E9><83><A8><E8><87><AA><E3><81><A8>^
bash-3.00$
Since nothing is typed, a keylogger can have problems.
Will the security increase linear with the length of a passphrase?
Can I even use anothers public key as ctrl+v or paste from clipboard for
the passphrase? More than 255 chars?
since this is the weak point how long can it in theory and practise
really be?
UTF-8, UTF-16 included?
I remember it was a discussion about it on the gnupg list.
but I didn't notice or remember or recall the reply.
What to do if the pass phrase needs to be stronger than what can be
practically typed?
save the passphrase in a file and decrypt from command line with the
gpg --decrypt command
田茂元首相の墓参りをした。ペットボトルに入った水を墓にかけて
displays as this
bash-3.00$ ls -l unicode_test_01.txt
- -rw-r--r-- 1 morten other 91 Oct 21 01:57 unicode_test_01.txt
bash-3.00$ less unicode_test_01.txt
"unicode_test_01.txt" may be a binary file. See it anyway?
<E7><94><B0><E8><8C><82><E5><85><83><E9><A6><96><E7><9B><B8><E3><81><AE><E5><A2><93><E5><8F><82><E3>
<82><8A><E3><82><92><E3><81><97><E3><81><9F><E3><80><82><E3><83><9A><E3><83><83><E3><83><88><E3><83>
<9C><E3><83><88><E3><83><AB><E3><81><AB><E5><85><A5><E3><81><A3><E3><81><9F><E6><B0><B4><E3><82><92>
<E5><A2><93><E3><81><AB><E3><81><8B><E3><81><91><E3><81><A6>
bash-3.00$
can this file be used as input from command line passphrase?
these passwords are recommended for wlan
will they also work for gpg?
https://www.grc.com/passwords.htm
Are they useful for a gnupg passphrase?
sufficiently random ?
--passphrase-file file
Read the passphrase from file file. Only the first line
will be read from file file. This can only be used if
only one passphrase is supplied. Obviously, a
passphrase stored in a file is of questionable security
if other users can read this file. Don't use this
option if you can avoid it.
- --passphrase-clipboard
would be helpful.
In the clipboard I can easily collect as much
characters as any public key can contain.
like this
bash-3.00$ cat testpki-request.pem
- -----BEGIN CERTIFICATE REQUEST-----
MIICfzCCAWcCAQAwOjELMAkGA1UEBhMCREUxETAPBgNVBAoTCFRlc3QtUEtJMRgw
FgYDVQQDEw9zdGVmYW5oZXVnZWwuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDFR4sGJvSuiAw+hwmZdNiqiEv+W49YOGk9YXtqMnfo3R6ntSLIpRkW
sY9qf9jwFbw0Q6W0iHSX1W4LdHCK8/nyrsvlzQNJvhYTDaLQZZeDFZjIJY/v1PZz
jm+K/zqwxTlE5KvgujTiLLEHu5GXOhuzoX3ZnfyAYUq1H4gE1PAbwRne09CTnohF
gj35230KA5f6+oJ6ZJUfcHen7rOkwzYm/CEoIIbRXclc9geRcyF+NCRxppMmrwDk
eVvRn+b8yEIvZXWSV7pylUZ6E27S1BKBgLsHNafzRuTiAk5q8GktR1yz6TFclMk8
U5zL0c3D7vjKLMZw6TC/5dJUa2n+D0qdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOC
AQEADPDwAOtlgwSZwEuAqQVg2IcOTZniYQ4cvP1+h0z9YLaCZtX2nus3B98dOHN6
1fS5WQYglUTabLNFNwSguVABfzWqXk8tYT3jgw6BX/hU5tSISbnH1BHCSo7dZGr/
5M0ce/sjCr9traLAlwfDJaA1h0YRTYQ0pNoSAzxgRCFU57zRBJ73Zwd22Yz+RXBv
5CneKAKZ4UqF7mkfCq+nBLuNn4SlPQ17sPGL4vYbgPgIj7EGnwhzYZUVmDiLtshV
EEja6hjqu82pngztojWGDzhwKlc2lM3ri5ebnb3XsKF6XtAeWY09LmCYNrZ1xWyO
Af3XNFEtHvjBLq4DPW4bHoCnwQ==
- -----END CERTIFICATE REQUEST-----
bash-3.00$
or even pass phrase from a cryptocard reader.
If typed in on a Japanese keyboard,
how many characters can it maximum be?
Unlimited?
160 characters would be the maximum I could recall and type as a passphrase.
But a generated and manipulated random arbitrary certificate file would
also be fine.
If I can use the clipboard and circumvent any key logger that would be
an advantage. The clipboard is limited to my RAM of my video card.
Practically two Gigabyte which gives
2 * 2^20 characters,
if one char counts as one byte, as in ASCII.
Sincerely yours,
Morten Gulbrandsen
主バイトホイットフィールド
_____________________________________________________________________
Java programmer, C++ programmer
CAcert Assurer, GSWoT introducer, thawte Notary
Gossamer Spider Web of Trust http://www.gswot.org
Please consider the environment before printing this e-mail!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)
Comment: For keyID and its URL see the OpenPGP message header
iEYEARECAAYFAkj9OyQACgkQ9ymv2YGAKVQsxQCgvlpO6cZM5pT1lShh2KUOUzTP
p3cAoOGS0TGXA3WBB9a/AVgogHlC+lNG
=vEc2
-----END PGP SIGNATURE-----